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DETAILED ACTION 

1 . The examiner acknowledges the amendments to the claims and the arguments 
filed therewith on August 16, 2007. In particular, Applicant has amended claims 1, 5, 7, 
9, 10, 12, 14, 16 and 18, and cancelled claims 11, 13, 15, 17 and 19-21. 

Response to Arguments 

2. The examiner also acknowledges the amendments to claims 14, 16 and 18, 
where the method steps of claims 1 , 5, and 7, respectively, have been positively recited 
in these claims. < 

On page 10 of the response, Applicant argues that "Nowhere in Bren nan's disclosure 
does it mention that each element of the exponent interval has a unique prime 
Emphasis added. Applicant also asserts that In other words, random integers uniformly 
between two selected bounds produced in Brennan can have multiple occurrences 
where the prime factors are the same - hence not unique prime factors." Accordingly, 
Applicant concludes that "Brennan fails to suggest or teach generating an exponent 
interval having a first random limit ... each element of the exponent interval has a 
unique prime factor. .." 

First it should be noted that claim 1, for example, recites "generating an exponent 
interval having a first random limit, wherein, with a probability close to certainty, each 
element of the exponent interval has a unique prime factor..." Emphasis added. 
While the claim refers to "each element", it is not recited that the "exponent interval" 
has a plurality of elements where each of such plurality of elements would have a 
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unique prime factor. For what's recited in the claim, as presented, the exponent 
interval may have one element and that one element would have a unique value. 
Second, the characterization of the reference is not appropriate. Applicant states 
that the "random integers... in Brennan can have multiple occurrences where the 
prime factors are the same." Such disclosure is not found in the reference. Even if 
the characterization of the reference is correct, Applicant notes that "the random 
integers .... can have multiple occurrences where the prime factors are the same." 
That is, by the same token, the random integers can have multiple occurrences 
where the prime factors are not the same, whereby being unique prime factors. 
In addition, in column 4, Brennan describes that the key agents are different from 
each other; that is, the key agents are unique. See, in particular, lines 53-60. 

On page 11 of the response, Applicant asserts that "The public keys of Brennan and 
Arditti, as discussed above, do not generate public keys . . . that those prior art 
references fail to generate a public key having an exponent interval having a first 
random limit . . . each element of the exponent interval has a unique prime factor. .." 
The examiner respectfully disagrees with Applicant's characterization of the prior art 
references and the claimed invention. As noted above, the claims do not recite that 
the "exponent interval" has a plurality of elements where each of such plurality of 
elements would have a unique prime factor. For what's recited in the claim, as 
presented, the exponent interval may have one element and that one element would 
have a unique value. 
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Still on page 11 of the response, Applicant argues that "no signature value on a 

message is derived by the first computer node. 

The examiner respectfully disagrees. First, it should be noted that the "several 
computers" referred to by Applicant also include the "first computer node". The claim 
does not recite that the signature is derived only by the first computer node. 
In addition, Brennan et al discloses, in column 6, a first computer node (Entity-A) 
delivering a certificate (signature) to another computer (Entity-B). Emphasis added. 
See, in particular, lines 24-31 and 13-63. See also column 12, lines 25-31. 

Applicant also concludes that "In the case ofArditti, a 'claimant' draws a first random 
number a and calculates a value while a "verifier" draws a second random exponent 
(3... Arditti defines the claimant and verifier as two different entities." 

That is true. The "claimant" disclosed in Arditti et al corresponds to the "first 
computer note" recited in the claims of the present application and the "verifier" 
corresponds to the claimed "second computer node". As shown in Fig. 3, Arditti et 
§J describes that that the "claimant" (first computer node" generate a public key 
value derived from the random secret key and transmits such pubic key value to the 
verifier (second computer node). See also column 4, line 55 to column 5, line 37. 

On page 12 of the response, Applicant states that "Chaum discloses that 'at least one 
prime factor" is uniquely determined by the message. In other words, Chaum fails to 
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suggest or teach each element of the exponent interval having a unique prime factor. .." 
Applicant concludes that "only one of Chaum's prime factor has to be unique. " 
Emphasis added. 

The examiner respectfully disagrees. The term "at least one" implies, at the 
minimum, "one" and can include more than one (i.e., a plurality). Thus, the "at least 
one prime factor" referred t by Applicant can include a plurality (more than one) of 
prime factors, wherein each of the prime factor would have a unique value. See also 
column 8, where Chaum discloses a plurality of prime factors 
In addition, it should be noted that Chaum discloses a first party (first computer 
node) and a second party (second computer node), where the first computer node or 
first party derives a signature value and transmits such to the second computer node 
or second party. See figures 7, 9, 12-14, and, in particular, column 2, lines 59-63. 

On page 13 of the response, Applicant acknowledges that Hopkins discloses "on or 
more k prime factors of the group". However, Applicant contends that "Nowhere in 
Hopkins disclosure does it mention that each element of the exponent interval has ... a 
unique prime factor. . . " 

Once again the examiner respectfully disagrees. It is pointed out that the expression 

"one or more" implies "one" or "more than one", i.e. a plurality. 

Applicant also asserts "Boudot similarly fails to remedy Hopkins' deficiency and merely 
provides a rather abstract proof related to "membership to an interval" where there is no 
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mention of each element of the exponent interval having a unique prime factor..." 
Emphasis added. 

The examiner respectfully disagrees. It should be brought to Applicant's attention 
that the Boudot reference was used for the disclosure of having the value of the 
exponent lies in a specific interval. The Boudot reference does, in deed, meet this 
limitation. As referred in the rejection, Boudot discloses a committed integer, i.e., 
the value of the exponent, lies in a specific interval. See, in particular, sections 1 , 
1.1, and 4. 

It appears that Applicant is arguing the references individually as opposed to their 
combination. It should be noted that one cannot show nonobviousness by attacking 
references individually where the rejections are based on combinations of references. 
See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 
F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

To the extent that the response to the applicant's arguments may have 
mentioned new portions of the prior art references which were not used in the prior 
office action, this does not constitute new a new ground of rejection. It is clear that the 
prior art reference is of record and has been considered entirely by applicant. See In re 
Bover , 363 F.2d 455, 458 n.2, 150 USPQ 441, 444, n.2 (CCPA 1966) and In re Bush . 
296 F.2d 491, 496, 131 USPQ 263, 267 (CCPA 1961). 

* 

The mere fact that additional portions of the same reference may have been 
mentioned or relied upon does not constitute new ground of rejection. In re Meinhardt , 
392, F.2d 273, 280, 157 USPQ 270, 275 (CCPA 1968). 
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In light of the above, the claims remain rejected and this office action made final. 

Claim Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 102 of this title, if the differences between the subject matter sought to be patented and the 
prior art are such that the subject matter as a whole would have been obvious at the time the invention 
was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-4, 12, 14 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Brennan etal (US 5675649) in view of Arditti et al (US 61 25445) 

Claims 1 , 12, 14: Brennan et al discloses a method for cryptographic key generation 
comprising: 

a. Generating a random secret key (The secret parameters M and x, once 
generated provided a means of producing a cryptographically secure source of 
random numbers) (column 11, lines 60-63); 

b: Providing a public key comprising an exponent-interval description and a 
public key value derived from the random secret key, such that the random 
secret key and a selected exponent value from the exponent interval are usable 
for deriving a signature value on a message to be sent within the network to a 
second computer node for verification (M must be a large integer which is the 
product of two large primes p and q. It is recommended that M have the same 
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number of bit its binary expansion as does N. Absent specific knowledge of p or 
q. M must be presumed computationally infeasible to factor) (column 10, lines 
47-51). 

But does not explicitly disclose a step of generating an exponent interval having a first 
random limit, wherein, with a probability close to certainty, each element of the 
exponent interval has a unique prime factor that is larger than a given security 
parameter. However, Arditti etal discloses a public key identification process using 
two has functions, which further disclose a step generating an exponent interval having 
a first random limit (a parameter m determining the interval [0-m1] in which are drawn 
the random exponent)(column 4, lines 52-53). Therefore, it would have been obvious 
for one having ordinary skill in the art at the time the invention was made to add a step 
of generating an exponent interval to Brennan etal disclosure. One would have been 
motivated to generate an exponent interval in order to prevent adversary attack since 
the security of the system depends on the problem of factoring large number. 

Claim 2: Brennan etal and Arditti et aj disclose a method for cryptographic key 
generation as in claim 1 above, Brennan etal further discloses that the step of 
generating a random secret key comprises using two primes, the product of which is 
part of the public key (the prime generation algorithm used produced a prime from a 
subset of all primes in a specific range. In contrast to other methods available for 
producing cryptographic primes where integers generated are only probable primes. 
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PGEN generates provable primes. Once two primes have been identified by PGEN, 
they are used to calculate the secret key) (column 12, lines 9-21). 

Claim 3: Brennan etal and Arditti et a I disclose a method for cryptographic key 
generation as in claim 1 above, Brennan et al further discloses that the step of 
generating a random secret key comprises selecting an integer value defining a class 
group and selecting two elements of the class group (the x A 2 mod M random bit 
generator can converted into a random number generator for producing integers from 
the interval [a, b]. To pick a number from this interval, random bit sequences of length 
[1+log2 (b)] bits can be generated until a sequence of bit of bits as a binary number lies 
in [a, b]) (column 11, lines 37-40). 

Claim 4: Brennan etal and Arditti et al disclose a method for cryptographic key 
generation as in claim 3 above, Brennan et al further discloses that the step of 
providing a public key comprises computing a modified public key value under use of 
the selected two elements and the exponent interval (the prime should be selected 
wisely from a set of all possible primes so that any known cryptographic attack against 
RSA is foiled) (column 12, lines 6-9). 

5. Claims 5, 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Brennan etal (US 5675649) in view of Boudot (Eurocrypt 200, LNCS 1807, pp.431 - 
444, 200). 
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Claims 5,16: Brennan et al discloses a method for cryptographic key generation 
comprising the steps of: 

a. Selecting an exponent value from an exponent interval, wherein each 
element of the exponent interval has, with a probability close to certainty, a 
unique prime factor that is larger than a given security parameter (M must be a 
large integer which is the product of two large primes p and q. It is 
recommended that M have the same number of bit its binary expansion as does 
N. Absent specific knowledge of p or q. M must be presumed computationally 
infeasible to factor) (column 10, lines 47-51); and 

b. Deriving the signature value from a provided secret key, the selected 
exponent value, and the message, the signature value being sendable within the 
network to a second computer node for verification (a third stage comprises 
creation of a self -signed certificate attesting the certificate authority name, 
public module N, and public exponent e and the validity period of these public 
key parameters. A secure hash function is applied to the certificate information to 
create a message digest, ext the message digest is encrypted with the certificate 
authority's secret key)(column 12, lines 22-30). 

But does not explicitly discloses that the value of the exponent lies in a specific interval. 
However, Boudo t discloses an efficient proofs that a committed number lies in an 
interval, which further discloses a method of publicly verifiable encryption by proving 
that the committed number belongs to an interval) (section 4). Therefore, it would 
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have been obvious for one having ordinary skill in the art at the time the invention was 
made to set an interval value for the exponent in Brennan etal ' disclosure. One would 
have been motivated to do so in order to ensure integrity and authenticity of data and 
often also confidentiality. 

2. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Brennan 
etal (US 5675649) in view of Boudot (Eurocrypt 200, LNCS 1807, pp.431 -444, 200) as 
applied to claim 5 above, and in further view of Matyas et a I (US 52651 64). 

Claim 6: Brennan etal and Boudot disclose a method for cryptographic key 
generation as in claim 5 above, but does not explicitly disclose that the step of deriving 
the signature value further comprises a computation of the i-th root of a value derived 
from the message and the secret key using a cryptographic hash function, the i being 
the exponent value. However, Matyas et a I discloses a method for providing a secure 
hash and sign signature, which further discloses the step of deriving the signature 
value further comprises a computation of the i-th root of a value derived from the 
message and the secret key using a cryptographic hash function (at step 224, the 
encrypted CFBDKB (i.e., ECFBDKB) is decrypted with the public key algorithm using 
PRAb, the private device authentication key of device B. PRAb is stored in the CF 
Environment 146' of the CF 30', and hence is available for use by the ICFER 
instruction. For example, if the public key algorithm is the RSA algorithm, then 
decryption consists of raising the ECFBDKB to the power of an exponent d modulo a 
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modulus n, where d and n constitute the private key) (column 37, lines 14-23). 
Therefore, it would have been obvious for one having ordinary skill in the art at the time 
the invention was made to add a step of generating the signature by computing the i-th 
root to Brennan et al disclosure. One would have been motivated to do so in order to 
ensure integrity and authenticity of data and often also confidentiality. 

6. Claims 7-8, 10, 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Chaum (US 4996711) in view of Boudot (Eurocrypt 200, LNCS 1807, pp.431-444, 

200). 

7. Claims 7, 10, 18: Chaum discloses a selected exponent signature 
method comprising: 

a. Receiving the signature value from a first computer node (This root is 
communicated to the second party's processor 1208 via a suitable 
communication link)(column 20, lines 40-43); and 

b. Verifying whether an exponent value is contained in an exponent interval, 
wherein each element of the exponent interval has, with a probability close to 
certainty, a unique prime factor that is larger than a given security parameter, the 
signature value is invalid if the exponent value is not contained in the exponent 
interval (the data processor means 1202 of a first party in conjunction with 
associated means 1204 is capable of determining an exponent from a first 
message using a procedure known to the first party and to a second party, the 
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exponent containing at least one prime factor uniquely determined by the 
message. In addition, processor 1202 in conjunction with associated means 1206 
is capable of forming a root on a constant known to both first and second parties, 
said root corresponding to the exponent. This root is communicated to the 
second party's processor 1208 via a suitable communication link (indicated by 
dotted lines in FIG. 12). Then processor 1208 in conjunction with associated 
means 1210 checks the received root by computing the exponent, raising the 
root to said exponent to produce a result and then verifying that the result is said 
constant) (column 20, lines 31-46). 
But does not explicitly discloses that the value of the exponent lies in a specific interval. 
However, Boudo t discloses an efficient proofs that a committed number lies in an 
interval, which further discloses a method of publicly verifiable encryption by proving 
that the committed number belongs to an interval) (section 4). Therefore, it would have 
been obvious for one haying ordinary skill in the art at the time the invention was made 
to set an interval value for the exponent. One would have been motivated to do so in 
order to ensure integrity and authenticity of data and often also confidentiality. 

Claim 8: Chaum and Boudot disclose a method of producing a secure hash and sign 
signature as in claim 7 above, and Chaum further discloses that the step of verifying 
further comprises a computing step of raising a computed signature root value that 
being part of the signature value to the power of the exponent value (then processor 
1208 in conjunction with associated means 1210 checks the received root by 



Application/Control Number: 10/809,267 Page 14 

Art Unit: 2136 

computing the exponent, raising the root to said exponent to produce a result and then 
verifying that the result is said constant) (column 20, lines 43-46). 

8. Claims 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Hopkins 
etal (US 2003/0120931) in view of Boudot (Eurocrypt 200, LNCS 1807, pp.431 -444, 
200). 

9. Claim 9: Hopkins discloses a method of producing a secure hash and 
sign signature comprising: 

a. Means for selecting an exponent value from an exponent interval, wherein 
each element of the exponent interval has, with a probability close to certainty, a 
unique prime factor that is larger than a given security parameter (In accordance 
with one aspect of the present invention, the of the individual private keys 
includes: an associated individual modulus n.sub.i that is a number formed as a 
product of one or more of the k prime factors of the group modulus n; and an 
associated individual private exponent d.sub.i that is determined based on a 
selected public group exponent e, and also based on the prime factors of the 
associated individual modulus n.sub.i. Each of the individual private exponents 
d.sub.i may be determined as a number congruent to the inverse of the public 
group exponent e, modulo the Euler Totient function of the associated individual 
modulus n.sub.i)(page 2, paragraph 18); and 
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b. Means for deriving the signature value from a provided secret key, the 
selected exponent value, and the message, the signature value being sendable 
within the network to a second computer node for verification (Creation of a 
digital signature usually includes deriving a hash value of the message to be 
signed and then performing a mathematical operation on that value using the 
private key. Typically, the digital signature is attached to the corresponding 
message and transmitted to a second party) (page 1 , paragraph 9). 
But does not explicitly discloses that the value of the exponent lies in a specific interval. 
However, Boudo t discloses an efficient proofs that a committed number lies in an 
interval, which further discloses a method of publicly verifiable encryption by proving 
that the committed number belongs to an interval) (section 4). Therefore, it would have 
been obvious for one having ordinary skill in the art at the time the invention was made 
to set an interval value for the exponent. One would have been motivated to do so in 
order to ensure integrity and authenticity of data and often also confidentiality. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fatoumata Traore whose telephone number is (571) 
270-1685. The examiner can normally be reached Monday through Thursday from 7:00 
a.m. to 4:00 p.m. and every other Friday from 7:30 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nassar G. Moazzami, can be reached on (571) 272 4195. The fax phone 
number for Formal or Official faxes to Technology Center 2100 is (571) 273-8300. Draft 
or Informal faxes, which will not be entered in the application, may be submitted directly 
to the examiner at (571 ) 270-2685. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the Group Receptionist whose telephone number is 
(571)272-2100. 

FT Nassar G. Moazzami 

Wednesday September 26 th , 2007 Supervisory Patent Examiner 




